 From:  brandon <bstone108 at comcast dot net>
 To:  m0n0wall at lists dot m0n0 dot ch
 Subject:  Re: [m0n0wall] Disable WebGUI and use Shell only?
 Date:  Fri, 10 Mar 2006 12:58:26 -0600
(resend, forgot to change email addy to m0n0wall..)

I have a suggestion: if you don't want others in your office to be able 
to access the m0n0wall GUI, then why don't you set a static IP for the 
machine in your office, modify the m0n0wall rules so that only that IP 
can access the GUI, and disable the antilockout option?
With this, in addition to a username besides admin (you can change that on 
the m0n0wall GUI) and a strong password, no one will be able to mess with 
the m0n0wall but you.  This is how I set up the m0n0wall for the networks 
I manage. The only machine that uses that IP is my laptop, assigned via 
the static IP page on m0n0wall using my laptop's built-in wireless card's 
MAC address. This way, when I walk into the building, my laptop connects 
and gets its IP assigned, and the GUI is available to it but no other 
machines.  Just make sure the IP you use is outside of the DHCP range 
of your m0n0wall.

Ryan Wagoner wrote:

> If you really want the option to SSH in and gain access to the console, 
> pfsense has what you are looking for.
>
> I really don't see the need to do this since the config is stored in 
> config.xml. It would be more of a pain to edit through the console 
> than through the web GUI. Honestly, on my Linux server I do everything 
> through the command line, it doesn't even have an X server running, but 
> with monowall I like the GUI. It's not an afterthought like normal 
> Linux GUIs are, and everything is tightly integrated.
>
>
> -----Original Message-----
> From: Jimmy Bones (Mhottie) [mailto:mhottie at gmail dot com]
> Sent: Thu 3/9/2006 11:23 PM
> To: Lee Sharp
> Cc: m0n0wall at lists dot m0n0 dot ch
> Subject: Re: [m0n0wall] Disable WebGUI and use Shell only?
>
> It might be, but the client in question is a small business, and everyone
> shares roles. There are some nosy people in the office that think they know
> how to "fix" computers, and to alleviate larger problems and issues it would
> be best to avoid them from seeing a webGUI.
>
> I never really noticed this until now, but why can you not ssh into a
> m0n0wall box for manual config and/or status monitoring w/o a gui?
>
> Thanks for your replies.
>
>
>
> On 3/9/06, Lee Sharp <leesharp at hal dash pc dot org> wrote:
>  
>
>> From: "Jimmy Bones (Mhottie)" <mhottie at gmail dot com>
>>
>>> Is there a way to disable the webgui and configure/access via shell/ssh
>>> only?
>>
>> No.  First, m0n0wall has no shell.  Second, the web GUI is not a config
>> tool, but the backbone of the system.
>>
>>> Or maybe run the webgui on an odd port, etc? Have the console menu dump
>>> into a shell login prompt instead of console menu, etc?
>>
>> Pick any port.  And run it with ssl if you want.
>>
>>> I ask because we are going to set up a m0n0 box in a small office that has
>>> several nosy people in it that will want to start "playing with settings".
>>> I would like to do the initial config in the webgui, then disable it and
>>> continue to configure via a shell, etc. and keep it that way.
>>
>> This is not a technical problem, and can not be solved with a technical
>> solution.  However, the new Sarbanes Oxley regulations can be your friend
>> here.  "I am not sure about this.  Isn't giving access to the firewall to
>> people not on the security team a violation of Sarbanes-Oxley?  Should we
>> ask legal, or the auditors?"
>>
>>                        Lee
>>
>>
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: m0n0wall dash unsubscribe at lists dot m0n0 dot ch
>> For additional commands, e-mail: m0n0wall dash help at lists dot m0n0 dot ch